Add new page for fuzzing x86-64 Linux kernel on VMware VMs.
It explains how to create a VMDK image and how to run it on Ubuntu host
with Workstation installed. For now only the isolated mode of syzkaller
is supported.
Add a set of descriptions to focus the fuzzing process on the V4L2 vim2m
test driver. This should be useful to test the M2M framework.
The syscalls are based on a specific file descriptor for the vim2m
device and a selection of v4l2 ioctls that operate on it. Some of the
existing v4l2 data structure definitions have been extended to allow
restricting and selecting some options in order to narrow down the
fuzzing process.
Initial support for Request API added.
Originally, syz-manager confusingly logs corpusSignal as "cover".
Change syz-manager's logging to output corpusSignal, corpusCover
and maxSignal.
Add a field in Stats to store maxSignal.
* updated the contributor list
* Fixes #1750, syz-manager hangs with "target_reboot": false in isolated VM mode
If in the isolated VM mode, "target_reboot": false option is set in the
syz-manager's configuration, it hangs forever. syz-manager essentially
keeps on waiting for the VM to reboot, while a reboot is never triggered
due to target_reboot option being set to false. The fix is to perform the
waitRebootAndSSH() check only when target_reboot is set to true.
File(s) changed:
vm/isolated/isolated.go: Move the waitRebootAndSSH() check inside the correct block
Create individual file for futex syscall and add description for the new
operation FUTEX_WAIT_MULTIPLE.
Signed-off-by: André Almeida <andrealmeid@collabora.com>
An upcoming patch for Linux will change the error reporting pattern for
general protection faults such that the colon doesn't necessarily come
immediately after the string "general protection fault" (see
https://lore.kernel.org/lkml/20191118142144.GC6363@zn.tnic/).
Change the pattern in syzkaller before that happens.
Note that this is not necessarily the final format; in particular, the
ordering of the KASAN note and the "general protection fault" line might
swap.
The usage of current create-image.sh:
```
./create-image.sh -d=stretch -f=minimal --add-perf
```
The options are the following:
```
-d, --distribution Set on which debian distribution to create
-f, --feature Check what packages to install in the image, options are minimal, full
-s, --seek Image size (MB), default 2048 (2G)
-p, --add-perf Add perf support with this option enabled
```
The default image size (2G) may be too small in some debugging scenarios, so make it configurable.
* Add support for non-obvious open commands
* Adding Michael Specter to CONTRIBUTORS
* update
* /pkg/host/host_linux.go: leverage .txt for OpenAt
Allows users to specify OpenAt flags. Currently, Syzkaller will
automatically attempt to open device nodes at startup, and ignore
descriptions that do not exist. Unfortunately, Syzkaller only opens with
read-only permissions, and some device drivers will
return -EINVAL or likewise if the correct flags are not specified.
This adds 2 ioctls and an argument type:
- FS_IOC_ENABLE_VERITY
- FS_IOC_MEASURE_VERITY
- struct fsverity_digest
Note fs-verity on-disk structs are not yet added.
* vm/qemu: Improve debug output.
When running in debug mode, the number of VMs is reduced to 1.
State this in the debug output.
* vm/qemu: Don't start debug output with a capital letter.
As requested by Dmitry.
* vm: Provide debug message when reducing number of VMs.
Apply this change to all affected platforms for consistency.
Suggested by Dmitry.
* Add myself to AUTHORS/CONTRIBUTORS files.
* vm: Fix compilation issues missed in earlier commit.
* vm: Use logging to write debug message.
With checkpoint_net_namespace moved to setup_common, an Android fuzzing
session terminates prematurely because ipv4_tables is not initialized
at that time.
Moving the call back to loop fixes this behavior.
* Changes made in the netbsd.md file, syzkaller made easier to install
* Name added to list of contributors
* Added name to CONTRIBUTORS file
* Changes in file regarding format issues
Makefile falsely detected a modified git tree when the first ifeq
argument was unquoted. Also switch to the $(shell ... style for
consistency.
As requested, add myself to AUTHORS and CONTRIBUTORS.
Users can specify an email address to receive notifications when a
bug is discovered for the first time, without setting up a full-fledged
dashboard. The supported mailer is mailx.
Signed-off-by: Tim Tianyang Chen <soapcn@gmail.com>